For instance it was
reported in 2014 that there was a 136% increase in cyber threats and
attacks against Indian government organisations as compared to the
previous year. Similarly, there was 126% increase in attacks
targeting financial services organisations. There is no doubt that a
strong cyber security infrastructure is need of the hour in India.
Even the national cyber security policy of 2013 must be substituted
with the new cyber security policy of India 2015.

Perry4Law Organisation
(P4LO) has been suggesting formulation of the encryption policy of India (PDF) for long. As a result Indian
government tried to bring an encryption policy recently under Section
84A of the Information Technology Act, 2000 (IT Act 2000) but it was
highly defective. The government ultimately scrapped the encryption
policy but it need to be formulated in a proper manner again.

As on date we are facing
the following cyber security challenges in India:

(3) The IT Act 2000 was
passed to govern legal issues of e-commerce, e-governance, cyber
crimes, etc. But, according to experts, new and better techno-legal
laws must be enacted in place of the old law. Techno legal experts
believe that Indian laws like IT Act 2000and telegraph act require urgent repeal and new and better techno legal laws
must be enacted to replaces these laws.

(4) On 13 April 2015, the
government announced that the Ministry of Home Affairs would form a
committee of officials from the Central Bureau of Investigation,
Intelligence Bureau, Delhi Police, National Investigation Agency and
ministry itself to produce a new legal framework similar to the
erstwhile Section 66A of IT Act 2000. However, it is still to be
enacted as per the information available with Perry4Law Organisation
(P4LO).

India is presently facing
many type of cyber security threats. These include sophisticated
cyber attacks, cracking, child pornography, cyber stalking, denial of service (DoS)
attacks, distributed denial of service (DDoS) attack, malware
infections, zero day vulnerabilities, phishing attacks, data theft,
etc. In June 2012, cyber attacks were reported on the Indian Navy’s
Eastern Command systems. On July 12, 2013, just few days after the
release of the National Cyber Security Policy, several high-level GOI
officials reported their emails had been hacked. A report later on
revealed that almost 12,000 systems were hacked which included
systems from the Ministry of External Affairs, Defence Research and
Development Organisation, Ministry of Home Affairs, National
Informatics Centre etc. There are also few reports of Pakistan
indulging in threatening cyber warfare. Hacker groups based out of
Karachi and Lahore have in recent years managed to hack the websites
of the Central Bureau of Investigation (CBI) and the Bharat Sanchar
Nigam Limited (BSNL) mostly to leave hate mail. It is widely believed
that regional terrorist outfits, like the Indian Mujahideen (IM) have
also made use of social media sites to communicate effectively.

Perry4Law Organisation
(P4LO) has provided the following suggestions to Indian government
from time to time:

(4) There must be a
dedicated cyber security law of India keeping in mind contemporary
cyber security threats.

(5) Cyber security
disclosure norms in India must be formulated as soon as possible.

(6) The cyber security
awareness in India must be further improved and spread so that
various stakeholders can also effectively take part to the
implementation of cyber security initiatives of Indian government.

The success or
failure of any project depends upon it due research and analysis.
Without a proper homework and due diligence, a project may face many
shortcomings, lacuna and limitations. One such project is known as
Digital
India. As on date, the
Digital India project of India government is heading towards rough
waters and problems. This is
because Digital India project is suffering from many shortcomings
and limitations that Indian
government has failed to remove.

In fact,
Vodafone has confirmed that India has been using “Secret
Wires” in the Telecom
Infrastructure to indulge in e-surveillance. Indian Department of
Telecommunications suppressed the whole incidence with a mere
assurance of “Investigation”
that never took place. As per my personal information, no “Public
Report” was made available in this regard by Indian Government so
far.

In a latest
twist, the Indian Government clubbed its latest Project named Digital
Locker with Aadhaar. Essentially it means that Digital Locker is a
legal project based
upon illegal technology named
Aadhaar. I have serious doubts that Digital Locker would serve its or
Digital
India’s purpose in these
circumstances. The matter does not end here. Indian Government has
claimed before the Supreme Court that Aadhaar
is not mandatory for availing
public services. However, this stand of Indian Government is not
correct as Aadhaar has already been made compulsory for many public
services and many more are added on regular basis.

Surprisingly, Supreme
Court has not invoked either the Contempt or the Perjury proceedings
against Central Government and States for making false claims and
giving incorrect statements. Is not it the duty of Supreme Court to
protect the Fundamental and Human Rights of Indian Citizens and
residents? It is difficult to believe that Supreme Court is not aware
of the ground situation that is actually happening in India. How can
the Supreme Court simply rely upon false and misleading statements
and allow the Central Government and States to operate in a manner
that is clearly prejudicial to the Constitutional Protections and
Principles?

It would be
really unfortunate if Digital India Project is made the biggest
Panopticon of Human History
and an endemic E-Surveillance Instrumentality for the Indian
Government where every bit of “Digital Information” can be
accessed and manipulated by Indian Government. If this is the
intention of Indian Government then Digital India Project is heading
for rough waters.

Wednesday, November 4, 2015

Smart
cities are the future of urbanisation and population sustainability.
The aim of smart cities is to provide a conductive environment for
living, commercial activities, healthcare and overall development.
Smart cities also predominantly rely upon use of information and
communication technologies (ICT) to render public services. Wherever
applicable, Internet
of Things (IoT)
(PDF), cloud computing and virtualisation and machine to machine
(M2M) system usage is also there. However, this omnipresent usage of
ICT, IoT, M2M, cloud computing, etc has a potential drawback as well
in the form of indifference towards smart
cities cyber security.

Monday, July 20, 2015

In an in-depth research article by Perry4Law
Organisation (P4LO) it has been revealed that the Aarushi
murder case reflects poor
cyber forensics usage by CBI and defense lawyers. The way
investigation and prosecution was conducted in the Aarushi case, it
is clear that electronic evidences were not given the importance that
they deserved. It was very much possible to ascertain the truth with
great certainty if electronic evidences were forensically acquired by
CBI and the defense lawyers used the same while examination and cross
examination of the prosecution witnesses.

However, the case was decided merely on the basis of
circumstantial evidences that also relying upon many presumptions and
circumstances. Some of these presumptions and circumstances could
have been proved or disproved by using electronic evidence and cyber
forensics methods.

Nevertheless, both CBI and defense lawyers neglected
the cyber forensics angle and the case was decided by the lower court
based upon the version given by CBI. It is not clear what would the
fate of this case at the higher court level be as the High Court has
to keep in mind many more considerations besides the circumstantial
evidences on the basis of which the prosecution case rests.

The logs, details and data from the accessed
websites, computer’s hard disk, router’s logs, etc could have
provided valuable lead and evidences regarding the case, opines
Praveen
Dalal, the leading techno legal lawyer of Asia. The
digital evidence from all available technology platforms and
instruments must have been analysed in depth and they must have been
used by the parties to the case for claiming rights and avoiding
liabilities, says Dalal.

India has recently announced the digital India
initiatives that intend to strengthen e-delivery of services in
India. However, along with e-delivery of services, Indian government
must also be ready to deal with increased cyber crimes. We have very
few initiatives in India that are catering to the requirements of
cyber
crimes investigation and cyber
forensics analysis of the growing cyber crimes and cyber
contraventions happening in India. Indian government must ensure
modernisation
of law enforcement agencies of India as soon as possible along with
making them accountable
to the Parliament of India.

Tuesday, June 30, 2015

This is the guest
post of Praveen
Dalal elaborating the dangers that Aadhaar project is
posing to the democracy and fundamental rights of Indian citizens.
The persistent use of Aadhaar by Indian government even at the cost
of contempt of court and prohibition
by the Supreme Court of India shows that Indian government is well
committed to violate the civil liberties of Indian citizens, opines
Dalal. In fact, the Digital India project has become the biggest
digital
panopticon of human history as Indian government has
illegally linked the same with the illegal and unconstitutional
technology names Aadhaar, says Dalal.

Aadhaar Project was visualised as a public good
project but it ended up being a project that is violating various
Constitutional
and Statutory Provisions. The Constitutional Validity of
the Aadhaar Project has been questioned
before the Supreme Court of India. In another related case, the
Supreme Court of India has held that the Aadhaar cannot
be made compulsory for availing Public Services.
Similarly, the Supreme Court has also restrained
UIDAI from transferring any Biometric Information of any
person who has been allotted the Aadhaar number to any other Agency
without
his consent in writing (PDF).

Just like Congress Government even the BJP
Government has declared that it would bring and ensure a Legal
Framework for Aadhaar. However, till the writing of this
Article, no news about a Legal Framework for Aadhaar is available. As
a result the position on the date is that Aadhaar is operating
without any Legal Framework and Parliamentary Oversight.

Aadhaar Project in its “Current Form” is
suffering from many “Illegalities and Infirmities”. For instance:

(1) Aadhaar has been made “Mandatory and
Exclusive” for availing many Public Services in India despite
Supreme Court’s Interim Order and Constitutional Prohibitions.

(2) Aadhaar Project is not supported by any Legal
Framework and is not subject to “Parliamentary Oversight”.

All these aspects make the Aadhaar
Project an Unconstitutional Project that was required to
be Scrapped
by the Modi Government. Alternatively, all these Constitutional
Infirmities and Illegalities were required to be “Eliminated” by
the Modi Government before allotting further funds to Aadhaar
Project. There cannot be a “Third Option” for the Modi Government
and wasting precious “Public Money” on Unconstitutional Project
like Aadhaar “Can Never Be Justified” even by the Standards of
the “Fancy Words and Empty Promises” made by the Congress and BJP
Governments regarding Aadhaar Project.

Not only this, the entire situation has also raised
“Serious Questions” about the “Real
Intentions” of Indian Government vis-à-vis Aadhaar
Project. The “Present Form” of Aadhaar Project and the behaviour
of Indian Government regarding Civil Liberties have definitely
negated the theory of Welfare Project as projected by both Congress
and BJP Government. But if Aadhaar Project is not a Welfare Project
what is its purpose and true nature?

It is for You to decide whether You wish to give
Your Children a “Free and Transparent India” or You wish Your
Children to be a Guinea Pig or Lab Rat for Indian E-Surveillance
Projects like Aadhaar that are clearly Illegal and Unconstitutional.

India is presently gripped in the euphoria of
digital India. This is also a time when many have started exploring
the entrepreneurship instead of seeking an employment career. While
this is a good move yet entrepreneurship without a legal framework or
in derogation of the laws of India is not a thing to be encouraged.
One such area where there is a need of urgent laws and regulations is
online
gaming and online gambling.

Online gaming has created great interest among the
gaming stakeholders. India has also witnesses many companies and
gaming stakeholders trying to establish their online gaming business.
These include launch of online poker and rummy websites, online card
games websites, etc. However, in the absence of a holistic and
comprehensive regulatory framework in this regard, online card games
and online games are still legally risky ventures.

In fact, online card games websites may be legally
risky if not properly drafted and managed. Till now the
position regarding playing rummy with stakes is not clear and
different High Courts have given conflicting judgments in this
regard. This has exposed all those who are playing card games with
stakes to numerous litigations across the India.

For instance, a majority of online poker and rummy
websites are flouting
laws of India and they can be punished any time by the
government. Perry4Law
strongly recommends that till the time Indian Supreme Court or
Central Government clarifies the legal position regarding online
gaming in India, the online gaming/gambling stakeholders must comply
with existing and applicable techno legal requirements of Indian
laws.

Unfortunately, this is not happening as on date and
online gaming websites are openly flouting the laws of India. They
are not at all complying with the cyber
law due diligence (PDF) requirements of Indian cyber law.

What is more surprising is the stand of Indian
Government in this regard. Indian Government is neither clarifying
its stand before the Supreme Court nor is bringing a suitable techno
legal legislation to make the regulatory uncertainty clear.

Perry4Law believes that the least various online
gaming stakeholders can do is to comply with the maximum possible
laws of India. This compliance requirement must consider
technological, traditional and commercial laws of India.

We all are systematically, continuously and
vigorously brainwashed with daily doses of social media and other
forms of publicity regarding the digital India project of Indian
government. However, when it comes to critical
analysis of the digital India project, they are severely
censored in India. Even the facets of digital India like
smart cities are suffering from violation of civil
liberties issues and facing dangers of inadequate cyber
security.

According to Dalal, Digital India is a very
ambitious and significant project by Indian Government. However, it
is also suffering from some “Shortcomings”
that have still not been tackled properly. As a result the Digital
India project is heading towards rough
waters and may face many legal and technological
challenges in the near future.

I would not discuss all these shortcomings in this
article but am focusing on a particular problem that has taken the
shape of a “Civil Liberties Violations Menace”. Yes I am talking
about the E-Surveillance and Eavesdropping aspects of Indian
Government projects like Central
Monitoring System (CMS), National
Intelligence Grid (Natgrid), Internet Spy System Network
and Traffic Analysis System (NETRA),
National Cyber Coordination Centre (NCCC),
etc. To make the matter worst, Indian Government has been postponing
Intelligence
Agencies Reforms for many decades.

However, nothing can beat the draconian
e-surveillance
project named Aadhaar that has been designed to take a
complete control over the digital lives of Indians. Surprisingly both
the Indian Parliament and Supreme Court of India are watching
helplessly while the Executive branch has usurped the “Legislative
Powers” and literally mocked all sorts of Judicial
Review.

Take the example of the interim
order (PDF) issues by Supreme Court of India mandating
that Aadhaar cannot be made mandatory for availing various public
services. Although Central Government has informed the Supreme Court
that Aadhaar
is not mandatory for availing public services yet it has
been made compulsory for almost all the digital
and non digital services in India. As a result a wonderful project
like Digital India would be heading for rough
waters if our Judiciary is even “Remotely Sensitive”
to Civil Liberties Violation issues.

This is also not the end of the story. When
everything is clubbed with Aadhaar, it gives a complete control to
our E-Surveillance loving Government over our digital and non digital
lives. There is nothing left to claim Informational
Privacy from our own Government. Privacy is our Human
Right and not a Government charity and it should not be
taken away with direct or indirect methods.

What is most anguishing is the “Deafening
Silence” of the Parliament of India and Indian Supreme
Court to resolve these issues. Why Parliament has abdicated its
“Legislative Powers” in favour of the Executive and why Supreme
Court has not taken the Executive stringently cannot be explained
with any rationale explanation. However, in the absence of exercise
of their “Constitutional Duties” we can safely conclude the
“Separation of Powers” under the Indian Constitution has “ceased
to exist” in the present and turbulent E-Surveillance era of India.